
Previous HN discussion on Monkeysphere, a Debian project which implements something like what the author envisions: https://news.ycombinator.com/item?id=6617132

And the description from the Monkeysphere site on why they are a better alternative for HTTPS: http://web.monkeysphere.info/why/#index1h3




Indeed, this is pretty much exactly what the OP is talking about. The problem is that it's hard to bootstrap, since correct verification procedures are not widely known.

TACK, what tptacek mentioned, is an orthogonal strategy for solving the same problem, but it assumes that some MITM will be detected. An ideal solution would involve a combination of both TACK and Monkeysphere.


There's also Convergence, which currently can work for the case where the client is undergoing MITM, but not the server. Add support for notaries to cache TACK responses and you are pretty secure.



